2009/2/9 Stuart <stut...@gmail.com>:
> 2009/2/9 Michael Kubler <mdk...@gmail.com>:
>> These days SHA should really be used instead of MD5, and you should be
>> SALTing the password as well.
>> Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html
>
> Good advice.

Absolutely. I used MySQL's md5() function only as an example.

> I would also advise against stripping and trimming
> anything from passwords. By removing characters you're significantly
> reducing the number of possible passwords.

Surely, the stripping should only be done when magic_quotes is enabled!
(e.g. your server makes \' out of '). Trimming could be left out, but it
minimizes user errors and users pretending to know their password. (Like
copy/paste from a passwords file with added spaces on the end, etc.)

Regards

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
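
The points discussed in this thread, as an added example that is not code from any of the posters: slashes are removed only when magic_quotes actually added them, the password is not trimmed, and it is stored as a salted SHA-256 digest. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Undo magic_quotes escaping only when the server actually applied it.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function raw_password($submitted)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($submitted);
    }
    return $submitted; // left untouched: no stripslashes(), no trim()
}

// Salted SHA-256 as suggested in the thread; the salt is stored next to the digest.
// random_bytes() needs PHP 7+, hash_equals() needs PHP 5.6+.
function hash_password($password, $salt = null)
{
    if ($salt === null) {
        $salt = bin2hex(random_bytes(16)); // fresh random salt per password
    }
    return $salt . ':' . hash('sha256', $salt . $password);
}

// Recompute the digest with the stored salt and compare in constant time.
function verify_password($password, $stored)
{
    $parts = explode(':', $stored, 2);
    return hash_equals($stored, hash_password($password, $parts[0]));
}

// Constructed sample password with a quote, a backslash and a trailing space.
$chosen = "it's\\me ";
$stored = hash_password(raw_password($chosen));

// The exact password, a trimmed copy, and an unconditionally stripped copy:
// the last two are different strings, so they are different passwords.
var_dump(verify_password($chosen, $stored));
var_dump(verify_password(trim($chosen), $stored));
var_dump(verify_password(stripslashes($chosen), $stored));
```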